Network transparency is an important consideration for a WAN optimization solution. Transparent WAN optimization architecture applies optimizations to the traffic "payload" while preserving the original and critically-important IP and TCP headers. Non-transparent architectures on the other hand either encapsulate optimized traffic in "tunnels" or otherwise replace this critical information with something else, and therefore obstruct network services that depend on TCP headers.
A WAN optimization solution with a transparent architecture fully integrates into existing networks while preserving existing network services. As a result, network transparency protects the organization's investment in networks and reduces ongoing operational expenses.
Network services which rely on such transparency include the following:
- Access Control Lists-ACL examine source or destination IP and other TCP information. They cannot operate if traffic is encapsulated into a transport tunnel
- Firewall policies-most firewall policies rely on examining source/destination IP addresses and TCP information. Transparent WAN optimization solutions support IP stateful inspection of optimized traffic and offer full firewall policies compliance. The use of traffic tunnels renders firewall policies ineffective. In effect, network administrators must `punch a hole' in the firewall to allow optimization traffic through, and all optimized traffic is obfuscated, thereby defeating any existing firewall policies. Furthermore, any stateful inspection performed on this traffic is done against the tunnel packets and not against the original flow.
- NetFlow statistics-Most networking devices (e.g. routers, switches) can export traffic stats using the NetFlow interface. Analysis of NetFlow information is critical to monitoring and troubleshooting any network. Transparent WAN optimization solutions preserve the packet headers and therefore maintain the validity of NetFlow stats from any device along the path. Non-transparent solutions obstruct the NetFlow exports from any device along the path, as the router/switch only sees un-optimized flows and tunneled traffic.
- Route selection-Mechanisms such as Policy-Based Routing (PBR), Performance Routing (PFR), and Dynamic Multipoint VPN (DMVPN) rely on packet header information and classification to determine route selection. Lack of transparency causes route selection to fail, as the network can only see un-optimized flows and tunnels between WAN optimization devices.
- Quality of Service-Quality of service is a means of differentiating traffic in the network with the intent of treating one type of traffic differently than another. Quality of Service Classification is performed on any aspect of a flow, including payload data, IP or TCP header information, VLAN tag, DSCP, or others. The network element must be able to see the original characteristics of the data, otherwise, classification and everything that follows is broken. Devices that obfuscate data from being properly classified, due to lack of transparency, make end-to-end Quality of Service impossible.
A Transparent WAN optimization solution should be available without additional complexity and should be integrated with all other WAN optimization capabilities